Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols have recently been proposed with a
wide variety of novel applications, including ones in emerging technologies such
as cloud computing, the Internet of Things (IoT), e-health systems and wearable
technologies. There has, however, been a wide range of incorrect uses of these
primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of
the issues related to the incorrect use of pairing-based cryptography. However, we
noticed that some recently proposed applications still do not use these primitives
correctly. This leads to unrealizable, insecure or too inefficient designs of
pairing-based protocols. We observed that one reason is a lack of awareness of the
recent advances in solving the discrete logarithm problem in some of the groups
involved. The main purpose of this article is to give understandable, informative,
and up-to-date criteria for the correct use of pairing-based cryptography. We
thereby deliberately avoid most of the technical details and instead emphasize the
importance of using bilinear maps correctly when realizing secure cryptographic
protocols. We list a collection of recent papers having wrong security assumptions
or realizability/efficiency issues. Finally, we give a compact and up-to-date
recipe for the correct use of pairings.
Adequate Elliptic Curve for Computing the Product of n Pairings
Many pairing-based protocols require the computation of the product
and/or of a quotient of n pairings, where n > 1 is a natural integer.
Zhang et al. [1] recently showed that the Kachisa-Schaefer-Scott family
of elliptic curves with embedding degree 16 (KSS16) at the 192-bit
security level is better suited to such protocols than the Barreto-Lynn-Scott
family of elliptic curves with embedding degree 12 (BLS12).
In this work, we provide important corrections and improvements to their
work based on the computation of the optimal Ate pairing. We focus on
the computation of the final exponentiation, which represents a substantial
part of the overall cost of this pairing. Our results improve on the
computations of Zhang et al. [1] by 864 multiplications in Fp. We prove
that for computing the product or the quotient of 2 pairings, BLS12 curves
are the best solution. In the other cases, especially when n > 2 as mentioned in
[1], KSS16 curves are recommended for computing the product of n pairings.
Furthermore, we prove that the curve presented by Zhang et al. [1] is not
resistant against small subgroup attacks. We provide an example of a KSS16
curve protected against such attacks.
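The small-subgroup issue raised in the last sentence, as an added illustrative example that is not the paper's code: the textbook curve y^2 = x^3 + x + 1 over F_23 is assumed here purely for illustration (its group order is 28 = 4 * 7, so the prime-order subgroup G1 with r = 7 has cofactor h = 4; it has nothing to do with the KSS16 parameters and no cryptographic strength). The code shows the membership check a protocol must apply to every received point, the cofactor-clearing alternative, and what an adversary learns from a victim that skips the check and multiplies an attacker-chosen point of small order by its secret.

```python
# Added illustration (not the paper's code): small-subgroup check on a toy curve.
# Curve y^2 = x^3 + x + 1 over F_23 is assumed here for illustration only; its
# group has order 28 = 4 * 7, so the prime-order subgroup G1 (r = 7) has
# cofactor h = 4. Real pairing curves (KSS16, BLS12) have far larger cofactors,
# especially on the G2 side, which is exactly why the check matters there.
P_MOD = 23
A, B = 1, 1
INF = None            # point at infinity, the group identity


def on_curve(P):
    if P is INF:
        return True
    x, y = P
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(P, Q):
    """Affine addition with the special cases: identity, P = -Q, doubling."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # P = -Q (covers y = 0)
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k, P):
    """Double-and-add scalar multiplication [k]P."""
    R = INF
    while k > 0:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R


def all_points():
    return [INF] + [(x, y) for x in range(P_MOD) for y in range(P_MOD)
                    if on_curve((x, y))]


def point_order(P):
    k, R = 1, P
    while R is not INF:
        R = add(R, P)
        k += 1
    return k


GROUP_ORDER = len(all_points())          # 28 for this curve
R_ORDER = 7                              # largest prime factor of 28
COFACTOR = GROUP_ORDER // R_ORDER        # 4


def in_prime_subgroup(P):
    """The membership check a protocol must apply to every received point:
    on the curve, not the identity, and [r]P = O."""
    return P is not INF and on_curve(P) and mul(R_ORDER, P) is INF


def clear_cofactor(P):
    """Alternative to rejecting: map any curve point into G1 by [h]P."""
    return mul(COFACTOR, P)


def find_point_of_order(d):
    return next(Q for Q in all_points() if point_order(Q) == d)


def small_subgroup_leak(secret, Q):
    """What goes wrong without the check: the victim returns [secret]Q for an
    attacker-chosen point Q of small order d. The attacker recovers
    secret mod d by trying all d possibilities."""
    d = point_order(Q)
    response = mul(secret, Q)
    for guess in range(d):
        if mul(guess, Q) == response:
            return guess, d
    raise AssertionError("unreachable: some residue in [0, d) must match")


if __name__ == "__main__":
    bad = find_point_of_order(4)
    print("on curve:", on_curve(bad), "in G1:", in_prime_subgroup(bad))
    print("secret mod 4 leaked:", small_subgroup_leak(11, bad))
```

The attacker point passes an on-curve check but fails the subgroup check; repeating the leak with points of several small orders and combining the residues is the classic small-subgroup attack, which is why a curve whose cofactor has many small prime factors is the dangerous case the paper warns about.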
Optimal Ate Pairing on Elliptic Curves with Embedding Degree 9, 15 and 27
Much attention has been given to the efficient computation of pairings on
elliptic curves with even embedding degree since the advent of pairing-based
cryptography. The few existing works in the case of odd embedding degrees
require some improvements. This paper considers the computation of optimal ate
pairings on elliptic curves of embedding degrees k = 9, 15 and 27, which have
twists of order three. Our main goal is to provide a detailed arithmetic and
cost estimation of operations in the tower extension fields of the
corresponding extension fields. A good selection of parameters enables us to
improve the theoretical cost of the Miller step and of the final exponentiation
using the lattice-based method, as compared to the previous few works that exist
in these cases. In particular, for two of these embedding degrees we obtain an
improvement, in terms of operations in the base field, of up to 25% and 29%
respectively in the computation of the final exponentiation. We also find that
elliptic curves at one of these embedding degrees give faster results than BN12
curves at the 128-bit security level. We provide a MAGMA implementation in each
case to ensure the correctness of the formulas used in this work.
Computing Optimal Ate Pairings on Elliptic Curves with Embedding Degree 9, 15 and 27
Much attention has been given to the efficient computation of pairings on elliptic curves with even embedding degree since the advent of pairing-based cryptography. The few existing works in the case of odd embedding degrees require some improvements.
This paper considers the computation of optimal ate pairings on elliptic curves of embedding degrees k = 9, 15 and 27, which have twists of order three. Mainly, we provide a detailed arithmetic and cost estimation of operations in the tower extension fields of the corresponding extension fields. A good selection of parameters
enables us to improve the theoretical cost of the Miller step and of the final exponentiation using the lattice-based method, compared to the previous few works that exist in these cases. In particular, for two of these embedding degrees we obtain an improvement, in terms of operations in the base field, of up to 25% and 29% respectively in the computation of the final exponentiation.
We also find that elliptic curves at one of these embedding degrees give faster results than BN curves at the 128-bit security level.
We provide a MAGMA implementation in each case to ensure the correctness of the formulas used in this work.
Pairing-Based Cryptography - Pairing 2012 : 5th International Conference, Cologne, Germany, May 16-18, 2012, Revised Selected Papers
This book constitutes the refereed proceedings of the 5th International Conference on Pairing-Based Cryptography, Pairing 2012, held in Cologne, Germany, in May 2012. The 17 full papers presented at the academic track and the 3 full papers presented at the industrial track were carefully reviewed and selected from 49 submissions. They are presented together with 6 invited talks. The contributions are organized in topical sections on: algorithms for pairing computation, security models for encryption, functional encryption, implementations in hardware and software, industry track, properties of pairings, and signature schemes and applications.
Secure Authentication and Privacy-Preserving Techniques in Vehicular Ad-hoc NETworks (VANETs)
In the last decade, there has been growing interest in Vehicular Ad Hoc NETworks (VANETs). Today, car manufacturers have already started to equip vehicles with sophisticated sensors that provide many assistive features such as front collision avoidance, automatic lane tracking, partial autonomous driving, suggested lane changes, and so on. Such technological advances are enabling the adoption of VANETs not only to provide a safer and more comfortable driving experience but also to offer many other useful services to the driver and passengers of a vehicle. However, privacy, authentication and secure message dissemination are some of the main issues that need to be thoroughly addressed and solved before VANETs can be widely adopted and deployed. Given the importance of these issues, researchers have spent a lot of effort on them over the last decade. We present an overview of the following issues that arise in VANETs: privacy, authentication, and secure message dissemination. We then present a comprehensive review of the solutions proposed in the last 10 years that address these issues. Our survey sheds light on some open issues that need to be addressed in the future.
Group Signatures with Message-Dependent Opening: Formal Definitions and Constructions
This paper introduces a new capability for group signatures called message-dependent opening. It is intended to weaken the high trust placed in the opener, since an ordinary group signature scheme provides no anonymity against the opener. In a group signature scheme with message-dependent opening (GS-MDO), in addition to the opener, we set up an admitter that cannot extract any user's identity itself but can authorize the opener to open signatures on specific messages: only signatures on messages the admitter has specified can be opened by the opener. The opener cannot extract the signer's identity from any signature whose corresponding message has not been specified by the admitter. This paper presents formal definitions of GS-MDO and proposes a generic construction of it from identity-based encryption and adaptive non-interactive zero-knowledge proofs. Moreover, we propose two specific constructions, one in the standard model and one in the random oracle model. Our scheme in the standard model is an instantiation of our generic construction, but its message-dependent opening property is bounded. In contrast, our scheme in the random oracle model is not a direct instantiation of our generic construction but is optimized for efficiency and achieves the unbounded message-dependent opening property. Furthermore, we also demonstrate that GS-MDO implies identity-based encryption, thus showing that identity-based encryption is essential for designing GS-MDO schemes.
Efficient Implementations of Pairing-Based Cryptography on Embedded Systems
Many cryptographic applications use bilinear pairings, such as identity-based signatures, identity-based key agreement, searchable public-key encryption, short signature schemes, certificateless encryption and blind signatures. Elliptic curves over finite fields are the most secure and efficient way to implement bilinear pairings for these applications. Pairing-based cryptosystems are being implemented on a range of platforms, including low-power and mobile devices. Recently, the hardware capabilities of embedded devices have grown to the point where they can support efficient and fast implementations of pairings on hand-held devices. In this thesis, the main focus is the optimization of the optimal Ate pairing on a special class of ordinary curves, Barreto-Naehrig (BN) curves, for different security levels on low-resource devices with ARM processors. Recent ARM architectures include the NEON SIMD engine, whose instructions help optimize the basic algorithms. Pairing implementations are built on tower extension fields, in which field multiplication is the dominant operation. This work presents NEON implementations of two multipliers (Karatsuba and schoolbook) and compares their performance with the multipliers in the literature for different field sizes. This work reports the fastest pairing timings for the BN254, BN446 and BN638 curves on the ARMv7 architecture, which target the 128-, 164- and 192-bit security levels respectively. This work also presents a comparison of code performance on ARMv8 architectures.
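As an added example (not from the thesis) of the point about tower-field multiplication: the quadratic extension F_{p^2} = F_p[u]/(u^2 + 1) is multiplied both schoolbook-style and with Karatsuba, counting base-field multiplications rather than measuring time. The prime p = 2^127 - 1 is an assumption chosen only because it is a convenient prime with p ≡ 3 (mod 4), so that u^2 + 1 is irreducible and the extension really is a field; it is not a BN parameter.

```python
# Added example (not from the thesis): schoolbook vs Karatsuba multiplication
# in the quadratic extension F_{p^2} = F_p[u] / (u^2 - BETA), counting
# base-field multiplications. P and BETA are assumptions chosen so the
# extension is a field; they are not the BN254/BN446/BN638 parameters.
P = 2**127 - 1      # Mersenne prime, P = 3 (mod 4), so -1 is a non-square
BETA = -1           # u^2 = -1


class Fp:
    """Base-field arithmetic that counts multiplications. Additions and
    reductions are not counted: on the NEON targets the thesis discusses they
    are far cheaper than a full-width multiplication."""

    def __init__(self, p=P):
        self.p = p
        self.muls = 0

    def mul(self, a, b):
        self.muls += 1
        return a * b % self.p


def fp2_schoolbook(F, a, b):
    """(a0 + a1 u)(b0 + b1 u) = (a0 b0 + BETA a1 b1) + (a0 b1 + a1 b0) u
    with four base-field multiplications."""
    a0, a1 = a
    b0, b1 = b
    c0 = (F.mul(a0, b0) + BETA * F.mul(a1, b1)) % F.p
    c1 = (F.mul(a0, b1) + F.mul(a1, b0)) % F.p
    return c0, c1


def fp2_karatsuba(F, a, b):
    """Same product with three multiplications, using
    a0 b1 + a1 b0 = (a0 + a1)(b0 + b1) - a0 b0 - a1 b1."""
    a0, a1 = a
    b0, b1 = b
    v0 = F.mul(a0, b0)
    v1 = F.mul(a1, b1)
    c0 = (v0 + BETA * v1) % F.p
    c1 = (F.mul((a0 + a1) % F.p, (b0 + b1) % F.p) - v0 - v1) % F.p
    return c0, c1


def compare(a, b):
    """Returns (results_agree, schoolbook_muls, karatsuba_muls) for one
    F_{p^2} product, so the two multipliers can be checked against each
    other and costed."""
    Fs, Fk = Fp(), Fp()
    same = fp2_schoolbook(Fs, a, b) == fp2_karatsuba(Fk, a, b)
    return same, Fs.muls, Fk.muls


if __name__ == "__main__":
    print(compare((1, 2), (3, 4)))                 # (True, 4, 3)
    print(compare((P - 1, 123456789), (987654321, P - 7)))
```

The saving compounds up a tower: each quadratic level costs 4 multiplications of the level below with schoolbook but 3 with Karatsuba (and a cubic level 9 versus 6), so the choice of multiplier at the bottom of the tower sets the constant factor for the whole Miller loop and final exponentiation.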